[Git][security-tracker-team/security-tracker][master] triage for older issues

Moritz Muehlenhoff (@jmm) Sun, 03 Nov 2024 12:06:31 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4f5ca67b by Moritz Muehlenhoff at 2024-11-03T21:05:49+01:00
triage for older issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -91528,7 +91528,7 @@ CVE-2023-46132 (Hyperledger Fabric is an open source 
permissioned distributed le
        NOT-FOR-US: Hyperledger Fabric
 CVE-2023-46121 (yt-dlp is a youtube-dl fork with additional features and 
fixes. The Ge ...)
        - yt-dlp 2023.11.16-1 (bug #1055996)
-       [bookworm] - yt-dlp <no-dsa> (Minor issue)
+       [bookworm] - yt-dlp <ignored> (Minor issue)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x
        NOTE: 
https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb
 (2023.11.14)
 CVE-2023-46026 (Cross Site Scripting (XSS) vulnerability in profile.php in 
phpgurukul  ...)
@@ -95232,7 +95232,7 @@ CVE-2023-6377 (A flaw was found in xorg-server. 
Querying or changing XKB button
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
 CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This 
issue oc ...)
        - xorg-server <unfixed> (bug #1055426)
-       [bookworm] - xorg-server <no-dsa> (Minor issue)
+       [bookworm] - xorg-server <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - xorg-server <no-dsa> (Minor issue)
        [buster] - xorg-server <no-dsa> (Minor issue)
        NOTE: 
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
@@ -111971,10 +111971,10 @@ CVE-2023-35937 (Metersphere is an open source 
continuous testing platform. In ve
        NOT-FOR-US: Metersphere
 CVE-2023-35934 (yt-dlp is a command-line program to download videos from video 
sites.  ...)
        - yt-dlp 2023.07.06-1 (bug #1040595)
-       [bookworm] - yt-dlp <no-dsa> (Minor issue)
+       [bookworm] - yt-dlp <ignored> (Minor issue)
        [bullseye] - yt-dlp <no-dsa> (Minor issue)
        - youtube-dl <removed> (bug #1079502)
-       [bookworm] - youtube-dl <no-dsa> (Minor issue)
+       [bookworm] - youtube-dl <ignored> (Minor issue)
        [bullseye] - youtube-dl <postponed> (Minor issue)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
        NOTE: 
https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729
@@ -156396,7 +156396,7 @@ CVE-2022-4056
        RESERVED
 CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, 
improp ...)
        - xdg-utils <unfixed> (bug #1027160)
-       [bookworm] - xdg-utils <no-dsa> (Minor issue)
+       [bookworm] - xdg-utils <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - xdg-utils <no-dsa> (Minor issue)
        [buster] - xdg-utils <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
@@ -285791,7 +285791,7 @@ CVE-2021-25744
        RESERVED
 CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences 
containe ...)
        - kubernetes <unfixed> (bug #1016441)
-       [bookworm] - kubernetes <no-dsa> (Minor issue)
+       [bookworm] - kubernetes <ignored> (Minor issue)
        [bullseye] - kubernetes <no-dsa> (Minor issue)
        NOTE: https://github.com/kubernetes/kubernetes/issues/101695
 CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user 
that can ...)
@@ -319613,12 +319613,11 @@ CVE-2020-24905
        RESERVED
 CVE-2020-24904 (An issue was discovered in attach parameter in GNOME Gmail 
version 2.5 ...)
        - viagee 3.7-1 (bug #1051726)
-       [bookworm] - viagee <no-dsa> (Minor issue)
+       [bookworm] - viagee <ignored> (Minor issue)
        - gnome-gmail <removed>
        [bullseye] - gnome-gmail <no-dsa> (Minor issue)
        [buster] - gnome-gmail <no-dsa> (Minor issue)
        NOTE: https://github.com/davesteele/gnome-gmail/issues/84
-       NOTE: 
https://github.com/davesteele/viagee/commit/c961b7431018976abc9c964ce594b371fb84183e
 CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected 
cross-site scri ...)
        NOT-FOR-US: Cute Editor for ASP.NET
 CVE-2020-24902 (Quixplorer <=2.4.1 is vulnerable to reflected cross-site 
scripting (XS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5ca67bd7e801704aec3d3ee728fbe4e8ec1274

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5ca67bd7e801704aec3d3ee728fbe4e8ec1274
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] triage for older issues

Reply via email to